Typosquatting doesn’t get the attention that it used to, but it remains an effective means for attackers to capitalize on unsuspecting users. Of course, the most effective instances are those that target high-traffic sites. I stumbled upon criagslist.com, a transposition of craigslist.com (aka craigslist.org), only to be redirected to a host of sites pushing various things. The primary server also hosted other domains, including youutbe.com and youtupe.com, knock-offs of YouTube.com.
Miskeying one of these popular sites results in a cascade of redirects through various advertising channels and affiliates. At present, these primarily land the user on different survey pages, promising “exclusive rewards” of $50 or more, or a chance to win a $100 gift card. Previous campaigns were more blatant in deception, delivering fake malware detections, media player upgrades, security vulnerability warnings, and “Blue Screen” errors. One page even delivered an audio warning courtesy of an embedded MP3 file set to autoplay on page load.
Fake alerts:
In general, these attacks frequently use contextual information, with alerts including your location, Internet service provider’s name, browser, OS, etc.
It’s common for less savvy users not to understand that such alerts are nothing more than deceptive web pages. When assisting others, facing such errors, it’s a good practice to have them minimize or close the browser to see if these simply disappear.